September 3, 2024 at 11:48AM D-Link has issued a warning about four remote code execution (RCE) vulnerabilities affecting all hardware and firmware versions of its DIR-846W router. They will not be patched as the products are no longer supported. Based on the meeting notes, the key takeaway is that D-Link has warned about four remote … Read more
July 26, 2024 at 05:51AM Binarly has identified a security vulnerability named “PKfail,” centered around an exposed American Megatrends International Platform Key (PK), utilized as a Secure Boot private key. This flaw, found in hundreds of computer models from various manufacturers, allows attackers to sign and execute malicious code during the device’s boot process, potentially … Read more
January 18, 2024 at 05:03AM Multiple security vulnerabilities in the TCP/IP network protocol stack of an open-source UEFI firmware are collectively dubbed PixieFail. These issues could be exploited to achieve remote code execution, denial-of-service, DNS cache poisoning, and leakage of sensitive information. Various firms’ UEFI firmware are impacted, and the CERT Coordination Center provided advisory … Read more